can we write a script searching for a particular value under structures recursively?
One manually way (and time taking) I can think of is to create a log file with the "dt -r " and searching it manually.
what do you mean by searching for a value recursively ?
dt -r follows structures within structures and as such their Address will not be contiguous
you can use a the simple s command t osearch within a limited space like this
kd> r? $t0 = sizeof(nt!_EPROCESS)
kd> ? #$t0
Evaluate expression: 704 = 000002c0
kd> r? $t1 = ##masm(#$proc)
kd> ? #$t1
Evaluate expression: -2063606960 = 84ffdb50
kd> $$ #$proc is pointer to current process in kernel mode
let us search for char 'k' within this range
kd> s -b #$t1 l?#$t0 'k'
84ffdcbc 6b 64 2e 65 78 65 00 00-00 00 00 00 00 00 00 02 kd.exe..........
kd> dt nt!_EPROCESS ImageFileName #$proc
+0x16c ImageFileName : [15] "kd.exe"
kd> ? #$t1+0x16c
Evaluate expression: -2063606596 = 84ffdcbc
kd>
Related
I am using an ATmega32 to do interrupt
when i trying to do driver of external interrupt 0 , faced me a problem
Interrupt Vectors Table in ATmega32
Interrupt Vectors code in ISR(vector)
In iom32.h code , we see that ((INT0_vect " _VECTOR(1) ")) it's number 1 but in data sheet we see that the number is 2 , why ?
The datasheet starts numbering with the reset vector. But there is no need for an explicit define (like RESET_vect) for the reset vector, since it will not be used in conjunction with ISR(). So in the header/AVRGCC implementation it is omitted.
If you compile this
ISR(INT0_vect) { }
and look at the interrupt vector table
00000000 <__vectors>:
0: 0c 94 46 00 jmp 0x8c ; 0x8c <__ctors_end>
4: 0c 94 5f 00 jmp 0xbe ; 0xbe <__vector_1>
you can see that __vector_1 is placed at byte address 4, which corresponds to the word address 2 from the data sheet.
I am new to u-sql of azure datalake analytics.
I want to do what I think is a very simple operations but ran into trouble.
Basically: I want to create a query which ignore empty string.
using it in select works, but not in WHERE statement.
Below the statement I am making and the cryptic error I get
JOB
#xsel_res_1 =
EXTRACT
x_paper_id long,
x_Rank uint,
x_doi string,
x_doc_type string,
x_paper_title string,
x_original_title string,
x_book_title string,
x_paper_year int,
x_paper_date DateTime?,
x_publisher string,
x_journal_id long?,
x_conference_series_id long?,
x_conference_instance_id long?,
x_volume string,
x_issue string,
x_first_page string,
x_last_page string,
x_reference_count long,
x_citation_count long?,
x_estimated_citation int?
FROM #"adl://xmag.azuredatalakestore.net/graph/2018-02-02/Papers.txt"
USING Extractors.Tsv()
;
#xsel_res_2 =
SELECT
x_paper_id AS x_paper_id,
x_doi.ToLower() AS x_doi,
x_doi.Length AS x_doi_length
FROM #xsel_res_1
WHERE NOT string.IsNullOrEmpty(x_doi)
;
#xsel_res_3 =
SELECT
*
FROM #xsel_res_2
SAMPLE ANY (5)
;
OUTPUT #xsel_res_3
TO #"/graph/2018-02-02/x_output/x_papers_x6.tsv"
USING Outputters.Tsv();
THE ERROR
Vertex failed
Vertex failure triggered quick job abort. Vertex failed: SV1_Extract[0][1] with error: Vertex user code error.
VertexFailedFast: Vertex failed with a fail-fast error
E_RUNTIME_USER_EXTRACT_ROW_ERROR: Error occurred while extracting row after processing 10 record(s) in the vertex' input split. Column index: 5, column name: 'x_original_title'.
E_RUNTIME_USER_EXTRACT_EXTRACT_INVALID_CHARACTER_AFTER_QUOTED_FIELD: Invalid character following the ending quote character in a quoted field.
Row selected
Component
RUNTIME
Message
Invalid character following the ending quote character in a quoted field.
Resolution
Column should be fully surrounded with double-quotes and double-quotes within the field escaped as two double-quotes.
Description
Invalid character is detected following the ending quote character in a quoted field. A column delimiter, row delimiter or EOF is expected. This error can occur if double-quotes within the field are not correctly escaped as two double-quotes.
Details
Row Delimiter: 0x0
Column Delimiter: 0x9
HEX: 61 76 6E 69 20 74 65 72 6D 69 6E 20 75 20 70 6F 76 61 6C 6A 73 6B 6F 6A 20 6C 69 73 74 69 6E 69 20 69 20 6E 61 74 70 69 73 75 20 67 20 31 31 38 35 09 22 50 6F 20 6B 6F 6E 63 75 22 ### 20 28 73 74 61 72 69 20 68 72
UPDATE
BY the way, the operations work on other datasets, so the problem is not the syntax as far as I can tell
//Define schema of file, must map all columns
#searchlog =
EXTRACT UserId int,
Start DateTime,
Region string,
Query string,
Duration int,
Urls string,
ClickedUrls string
FROM #"/Samples/Data/SearchLog.tsv"
USING Extractors.Tsv();
#searchlog_1 =
SELECT * FROM #searchlog
WHERE NOT string.IsNullOrEmpty(ClickedUrls );
OUTPUT #searchlog_1
TO #"/Samples/Output/SearchLog_output_x1.tsv"
USING Outputters.Tsv();
This is an unfortunate error display for this case.
Assuming text is utf-8, you can use a site like www.hexutf8.com to convert the hex to:
avni termin u povaljskoj listini natpisu g 1185 "Po koncu" (Stari hr
It looks like the input row contains at least one " character that is not properly escaped. It should look like this:
avni termin u povaljskoj listini natpisu g 1185 ""Po koncu"" (Stari hr
#Saveenr's answer assumes that the values in your file are all quoted. Alternatively, if they are not quoted (and do not contain your column separator as values), then setting Extractors.Tsv(quoting:false) could help as well.
select md5(15)
returns
Query failed (#20160818_193909_00287_8zejd): line 1:8:
Unexpected parameters (bigint) for function md5. Expected: md5(varbinary)
How do I hash 15 and get back a string? I'd like to select 1 in 16 items at random, e.g. where md5(id) like '%3'.
FYI I might be on version 0.147, don't know how to tell.
FYI I found this PR. md5 would be cross-platform, which is nice, but I'd take a Presto-dependent hash function that spread ids relatively uniformly. I suppose I could implement my own linear formula. Seems awkward.
Best thing I could come up with was to cast the integer as a varchar, then turn it into varbinary via utf8, then apply md5 on the varbinary:
presto> select md5(to_utf8(cast(15 as varchar)));
_col0
-------------------------------------------------
9b f3 1c 7f f0 62 93 6a 96 d3 c8 bd 1f 8f 2f f3
(1 row)
If this is not the result you get, you can always turn it into a hex string manually:
presto> select to_hex(md5(to_utf8(cast(15 as varchar))));
_col0
----------------------------------
9BF31C7FF062936A96D3C8BD1F8F2FF3
(1 row)
i seem to always get incorrect output when decoding this base64 string in vb.net ( i think its base64? it really looks like it )
im using the frombase64string function
and i did it like this
Dim b64str = "0DDQQL3uAikQBgAAc4cqK4WnSQBg4SAgExEAAF3BAmAILYojRgkBhUrBAgEDRw=="
Dim i As String = System.Text.Encoding.Unicode.GetString(Convert.FromBase64String(b64str))
MsgBox(i)
but i always get this output
バ䃐⤂ؐ
that doesn't seem right
0DDQQL3uAikQBgAAc4cqK4WnSQBg4SAgExEAAF3BAmAILYojRgkBhUrBAgEDRw==
It looks like Base64, the length is a correct size, the characters belong to the Base64 character set and the trailing "==" is reasonable. Of course it might not be a Base64 encoding.
Base64 decoding results in:
D0 30 D0 40 BD EE 02 29 10 06 00 00 73 87 2A 2B 85 A7 49 00 60 E1 20 20 13 11 00 00 5D C1 02 60 08 2D 8A 23 46 09 01 85 4A C1 02 01 03 47
Now the problem, this is not a character string, it is an array of 8-bit bytes. Thus it can not be displayed as characters. The 0x00 bytes will signal the end of a string to the print method and the no-representable characters may be ignored, displayed with special characters or multiple bytes may display as must-byte unicode characters. The only guaranteed and usual display is in hexadecimal as above.
That String can be virtually anything. It might be the result of an encryption algorithm, like sha*. Your mistake is that you assume that it must be base64 because it might be.
It is a valid observation that it might be base64, so it was a perfectly valid thing to run that function, but it is you who has to determine whether based on the results it is base64 or something else, based on particular logic, which was not described in the question.
So, I have a Windows program that is behaving badly. The callstack at the time of the error is:
0: kd> kn
# Child-SP RetAddr Call Site
00 9a6c3548 815a6c20 nt!KiPollFreezeExecution+0x8
01 9a6c3558 815a6d24 nt!KeBugCheck2+0x61c
02 9a6c3820 8153955c nt!KeBugCheckEx+0x14
03 9a6c3838 8147b30c nt!MY_READ_REGISTER_UCHAR+0x4590
04 9a6c3898 8141de0e nt!KeClockInterruptNotify+0x300
05 9a6c3910 8147ed26 hal!HalSetRealTimeClock+0x367e
06 9a6c3930 814dcc76 nt!KiPlayInterrupt+0x5d6
07 9a6c39f0 8145f086 nt!KiProcessInterrupt+0x17e
08 9a6c3a40 814bbe18 nt!KiInterruptException+0x126
09 9a6c3be0 814acb3a nt!KeSweepIcache+0x40
0a 9a6c3bf8 814ae742 nt!KeSweepIcacheRange+0x6e
0b 9a6c3c08 8149173c nt!MiWaitForInPageComplete+0x206
0c 9a6c3c78 8147bdb8 nt!MiIssueHardFault+0x270
0d 9a6c3cc0 8145ed08 nt!MmAccessFault+0x634
0e 9a6c3d40 6edf9920 nt!KiCommonMemoryManagementAbort+0xcc
0f 0295f4c8 6edec79a MyDriver!Bar+0x8a0
10 0295f4c8 00000000 MyDriver!Foo+0xfea
In the beginning, this makes sense. I have a page fault and try to load the page.
09 9a6c3be0 814acb3a nt!KeSweepIcache+0x40
0a 9a6c3bf8 814ae742 nt!KeSweepIcacheRange+0x6e
0b 9a6c3c08 8149173c nt!MiWaitForInPageComplete+0x206
0c 9a6c3c78 8147bdb8 nt!MiIssueHardFault+0x270
0d 9a6c3cc0 8145ed08 nt!MmAccessFault+0x634
0e 9a6c3d40 6edf9920 nt!KiCommonMemoryManagementAbort+0xcc
But, then it gets in to some interrupt handling. What's going on here?
06 9a6c3930 814dcc76 nt!KiPlayInterrupt+0x5d6
07 9a6c39f0 8145f086 nt!KiProcessInterrupt+0x17e
08 9a6c3a40 814bbe18 nt!KiInterruptException+0x126
Next we mess with the RTC?! Why?
04 9a6c3898 8141de0e nt!KeClockInterruptNotify+0x300
05 9a6c3910 8147ed26 hal!HalSetRealTimeClock+0x367e
And a bugcheck in MY_READ_REGISTER_UCHAR+0x4590? That's way far away from this tiny little function.
01 9a6c3558 815a6d24 nt!KeBugCheck2+0x61c
02 9a6c3820 8153955c nt!KeBugCheckEx+0x14
03 9a6c3838 8147b30c nt!MY_READ_REGISTER_UCHAR+0x4590
0: kd> uf nt!MY_READ_REGISTER_UCHAR
nt!MY_READ_REGISTER_UCHAR:
81534fcc e92d4800 push {r11,lr}
81534fd0 46eb mov r11,sp
81534fd2 f3bf8f4f dsb
81534fd6 7800 ldrb r0,[r0]
81534fd8 e8bd8800 pop {r11,pc}
Can anybody provide some insight in to what I'm seeing here?